We present an approach to specifying secured systems as transition systems, with security policies as constraints that guard the transitions. In this context, security properties are expressed as invariants. We then propose an abduction algorithm that generates possible security policies for a given transition-based system. Because abduction is guided by invariants, the generated security policies enforce the security properties specified by these invariants. In this framework we can tune abduction in two ways: (i) to filter out bad security policies and (ii) to generate additional possible security policies. Invariant-guided abduction helps in designing policies and thus allows formal methods to be used much earlier in the process of building secured systems. The approach is illustrated on role-based access control systems.